Building a Private Cloud

The buzz about cloud computing has been deafening for the past few months. Every new startup seems to be using these services, and now cloud computing is even the focus of television commercials during major sporting events. The power of the cloud is undeniable. It has the ability to provide on-demand computing with little up-front investment, but it can be extremely disruptive as well. How does an IT manager approach the cloud for infrastructure and applications?

Although some companies have been moving full-steam into the cloud, most mature IT organizations are just starting to look at the cloud for possible solutions. In a tight economy, IT needs to find new ways to save money and be innovative at the same time. With the entrance of big players like IBM Corp. and Microsoft, the market for cloud technologies now has several competitors vying for space in companies' networks.

Outside the realm of customer- and Internet-facing applications, cloud solutions either extend internal infrastructure into an environment where IT professionals don't have traditional management capabilities, or move the cloud to an internal infrastructure.

IT departments have spent years building rock-solid processes, procedures and expertise to make their data centers and the systems in them reliable and manageable. Now, promises of lower costs and better utilization are calling from the hyper-machine. Can IT departments take the core of cloud computing and provide nimble, real-time responses to the needs of their businesses using the technology they already have? IT pros should take a rational look at the options, cut through the hype and ultimately deploy the cloud effectively in their organizations' infrastructures.

The Private Cloud Today
Vendors are defining the private cloud, so every vendor has a different take on the meaning of this new approach to computing resources. The big reasons to move toward a private cloud include automation and utilization. Companies have been moving data centers toward virtualization to save money by increasing utilization of the computers they already own. The private cloud elevates this concept not only by virtualizing servers, but also by turning virtual machines (VMs) into a pool of resources that can be provisioned on demand with minimal manual intervention.

In addition, it allows for a type of on-demand response to needs by moving resources to where they're needed quickly. Some vendors take that model and extend it to public cloud resources and address the typical multi-tenant model to try to satisfy security, usability and performance concerns unique to enterprise IT. Whatever the definition, what an organization is trying to do is harness better utilization of computing power and ease administration requirements with better control over the environment.

Vendor Assessment: Amazon
Major vendors are making their way into private cloud computing. IBM, Microsoft, VMware Inc., Amazon.com Inc., smaller companies such as Rackspace US Inc. and open source providers such as Ubuntu are all offering (or will offer) private cloud solutions. Because "private cloud" can be defined in so many different ways, an IT organization will need to closely evaluate available solutions based upon the company's current situation and what the end goal for each company's product will be.

Amazon launched its Virtual Private Cloud (VPC) last year. It offers yet another version of the private cloud concept by not providing any internal IT framework on which to use existing systems. Instead, it brings its traditional -- and very successful -- cloud service to host parts of an IT infrastructure. VPC connects to the internal network via a VPN connection and hosts server instances on the Amazon Elastic Compute Cloud (EC2); utilizes the Amazon Elastic Block Store (EBS) for backup and SAN-style connectivity; and monitors it all with Amazon CloudWatch. This flexibility extends to building VMs in the cloud and adding them to the IT organization's existing directories. Meanwhile, existing network subnets and schemas are maintained. IT pros can have customized images (that are similar to images for internal VMs) ready to deploy using Amazon Machine Images (AMIs) -- stored in the Simple Storage Service (S3) -- which builds new EC2 instances on the fly. Amazon segments these EC2 instances using virtual firewalls as well as IPsec transport security.

The Amazon option requires no up-front investment, but it does nothing to integrate current technology investments into a private cloud. This means the infrastructure is largely out of IT's control in the traditional sense. IT pros will also have to consider the sensitive information storage requirements of their applications to determine whether a hosted solution meets standards set by laws such as HIPAA or Sarbanes-Oxley. Cloud vendors such as Amazon have taken steps to address these worries, but the problems haven't necessarily gone away.

Another concern with this model is the lag time of transactions. IT pros rely on a wide-area connection with the overhead of a VPN. Although it's possible to have a fat pipe to Amazon and a very fast routing or VPN solution, it'll still be slower to access than a local data center.

Pricing for Amazon's VPC breaks down to usage and how much data is transferred. All data is transferred in for $.10 per gigabyte (though Amazon is waiving that price until June 30, 2010). Transfer prices for outbound data are on a sliding scale, with the first 10TB coming at $.17 per gigabyte, the next 40TB at $.13 per gigabyte, the next 100TB at $.11 per gigabyte and $.10 per gigabyte after 150TB. The VPN connection is $.05 per hour. All of this does not take into consideration EC2 needs, which start at $.12 per hour for a standard "small" instance of a Windows Server out of the North Virginia location. Prices can go up to $4.36 per hour for a bigger, high-memory instance of a SQL Server in the California center.

As an example, assume a company needs a dozen large, on-demand Windows servers for a development project in the cloud over Amazon's VPC, sending 200GB and receiving 2TB of data per month. Using gold support, these cloud instances would cost roughly $1,150 per month. This is one example of a project that might benefit from a quick spin-up of on-demand servers, but by using those numbers, it's simple enough for IT pros to draw their own conclusions on cost.

Vendor Assessment: IBM
The IBM private-cloud product employs an on-premises private cloud as the primary option for most businesses. As is the case with most IBM products, companies really need to buy into the IBM approach. IBM often customizes an offering using the internal infrastructure already existing in the IT organization, even using mainframes to host cloud services. This approach involves the famous IBM consulting unit. IBM's consultants concentrate on security and governance, which keeps most of the company's cloud offerings inside the data center.

IBM isn't all consulting and big change, however. The IBM appliance entry into the private cloud is called CloudBurst. This is a solution based on the System x BladeCenter platform, and comes pre-installed with the cloud framework.

CloudBurst is an appliance approach to private clouds that does not utilize existing technology but rather creates a new infrastructure for deploying images and patterns. The IBM product includes an entire rack loaded up with everything necessary to get the cloud concept up and running. With its built-in ability to provision those applications on an as-needed basis, this offering integrates very well with WebSphere applications. CloudBurst also allows the creation of quick macro templates, enabling the "do it once, deploy it many times" provisioning called Web Replay. In addition, it features VMware's hypervisor and the ability to meter and account for resource use. This entry-level appliance costs about $200,000, depending on the configuration.

Vendor Assessment: Microsoft
Microsoft is charging ahead in the cloud-computing space with the rollout of Windows Azure, which is a platform as well as a way to host Windows and SQL Servers in the public cloud. Microsoft made Windows Azure "available free to evaluate" through January, and on Feb. 1 Redmond launched the platform as a paid service.

The current Windows Azure offerings are all public cloud for now, but Microsoft recently announced private-cloud technology based on Windows Azure. For example, "Project Sydney" will enable enterprises to tie together data centers and the public Windows Azure services as part of a hybrid infrastructure, and AppFabric will allow developers to harness cloud services regardless of whether those services are on-premises or hosted in the public cloud.

As of yet, Microsoft hasn't integrated Windows Azure into this hybrid cloud model. AppFabric is already in developer preview, with Project Sydney expected to make its beta debut by the end of 2010.

The Dynamic Data Center Toolkit for Enterprises (DDCT-E) is scheduled to be released during the first half of 2010. It aims to address servers, networks and storage as a single set of available resources in the same pool, thereby reducing idle time. Automation through batch creation and provisioning of VMs is the key to the automation of the Microsoft environment. The focus is on automation of provisioning and proper tracking of those deployed resources. Microsoft provides a self-service portal along with role-based access control. Tracking and chargeback reports are also available. DDCT-E will be free, but it integrates with Windows Server 2008 R2 Hyper-V and Microsoft System Center Virtual Machine Manager 2008, which carry steep price tags. Microsoft finds itself on the cusp of big developments in the private cloud, as well as in hybrid cloud models, but it hasn't done much yet in the way of shipping products.

Vendor Assessment: VMware
VMware is providing the private cloud as an extension of its well-known virtualization platform. It relies on vSphere's ability to manage the infrastructure from thin-provisioning storage and virtual switching to vMotion on VMs, as well as storage. vSphere version 4 includes host profiles, which allow for automated configuration of all aspects of a VM, as well as confirming compliance to that configuration. vSphere also includes plenty of other advanced features, such as the ability to power down servers in a cluster when power isn't required, and then power them back up when CPUs reach maximum capacity. It can also dynamically control storage through vMotion for storage, or via Volume Grow, which extends storage as needed. The VM resource pools will assign additional capacity or balance capacity based on priority according to business rules. vSphere can provide a bridge to hosted cloud providers that use VMware, such as Rackspace, providing them with on-demand capacity outside of the private cloud.

vSphere pricing for Enterprise Server Plus, which includes private cloud features such as host profiles and resource-pool access control, is $3,495 per processor with up to 12 cores.

Making the Decision
While a private cloud is a compelling next step for many IT departments trying to find something after virtualization, the reality is that it can be a significant expense that needs a solid ROI story in order to justify the investment. In fact, though many companies are pointing to hybrid public-private cloud models as the way to reap true benefits of the cloud for the enterprise, IT pros still have to consider their security needs before they can buy into that kind of solution.

Amazon's offering may be best for greenfield installations of new applications where IT doesn't want to put up the initial investment for infrastructure. It can also be useful for building disaster recovery scenarios wherein there's no need to duplicate data centers at the ready for certain applications. IT pros can also use the firewall ability to segment applications, which can be useful for branch office needs. It's important to ensure that a deployed product won't be susceptible to WAN latency and possibly slower transaction times.

IBM is certainly in the private cloud mix, but most implementations will require customization and full projects initiated from the consulting side of IBM. The company also has the all-in-one CloudBurst appliance, but this platform is new equipment, so IT organizations that are considering private cloud as a separate initiative rather than a transformative option for existing equipment will want to look at this kind of solution. Otherwise, an IT shop with a mix of equipment -- up to and including mainframes -- which wants to find a way to integrate all of those resources under one cloud will want to look to IBM for answers.

Microsoft and VMware have similar outlooks on private compute clouds: Take the current investment that sits in the data center today and harness it for better utilization and quicker response to the immediate needs of the enterprise. For a VMware shop that has the virtualization infrastructure built out, vSphere may be the next logical step. The additional capabilities support the ability to spin up resources and move them where they're needed while tracking all of those resources. They also allow for delegation of specific pools of resources, including storage pools, making vSphere a fairly complete package. However, the price may stop some IT professionals in their tracks. For a company that wants to take a large server infrastructure into a private cloud, the price won't be something that can easily be justified without a plan for reaping the benefits of this level of control.

Those seriously deploying Microsoft Hyper-V may want to wait to see if Microsoft's DDCT-E System Center integration will be a viable alternative to VMware. The tool is not the final answer for private clouds, but it's a steppingstone toward bigger efforts expected later in the year, with an automated integration with public Windows Azure services expected as a feature. Organizations that are not looking to implement a full-on private cloud immediately may want to wait to see what's coming from Microsoft. For now, Microsoft has the concept down, but the implementation is not yet ready.